MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dd800b875aa0ef2fa0923babdd4b162555a1c3ff3c58e9291d45fff82389816. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3dd800b875aa0ef2fa0923babdd4b162555a1c3ff3c58e9291d45fff82389816
SHA3-384 hash: 929da242714ef2a99e1a3eca9c6470e428b2c390103e0920f21fcd194a548ed3327a3972b4f683e69263d255aa110bb4
SHA1 hash: fe3a1f35f5c21ce72a1ef05cbf2824a51827a5f2
MD5 hash: 004d3ff1fe0ec1d0a90913f1238f293f
humanhash: low-spaghetti-apart-speaker
File name:tfR5r4pw
Download: download sample
Signature ZLoader
Create hunting rule
File size:649'216 bytes
First seen:2020-07-02 16:15:35 UTC
Last seen:2020-07-02 17:05:49 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash a3c70c53662770049a946e3d13403827 (2 x ZLoader)
ssdeep 12288:BBLIZWDR44fZdoTz0E9z/Y20Yq+Bc2OnjOjSxchYK4/cr:fIZWy4PoT9/YJX9cE/
Threatray 106 similar samples on MalwareBazaar
TLSH 59D4AF202F92C536F6BB0B358826C5309DACBE4595F489DF53D5760E16773C280BAF1A
Reporter JAMESWT_WT
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
100
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18518/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
zloader
Create hunting rule
Link:
https://mwdb.cert.pl/sample/3dd800b875aa0ef2fa0923babdd4b162555a1c3ff3c58e9291d45fff82389816/
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 16:17:04 UTC
File Type:
PE (Dll)
Extracted files:
26
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hxmabodvvihpf6qjeo5l3vfrmjkvuhb76pcy5eur2rp77arytala._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d
ZLoader
17ddc83d49b6cd1d511e8c5498c44d8b4bdbbb69b13011a180f8bded117ff2f7
ZLoader
3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659
ZLoader
3bf8fbdad095013493d1b90f5c82880dc57145dfbb54fdf225ded88ba6b1618b
ZLoader
455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb
ZLoader
b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
ZLoader
b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1
ZLoader
ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
ZLoader
e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157
ZLoader
f28dd082013ee7df2f5956c4e8791e863e575aa64071af9a910826bc12d27acb
ZLoader
+ 96 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
spyware trojan botnet family:zloader persistence
Link:
https://tria.ge/reports/200702-7gtctk4t9x/
Behaviour
Discovers systems in the same network
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Runs net.exe
Modifies service
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Blacklisted process makes network request
Zloader, Terdot, DELoader, ZeusSphinx
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/18518/

Comments